"Nintendo"('s NSes) are asking my IP for it's rdns

Phil Mayers p.mayers at imperial.ac.uk
Tue Jul 24 11:53:20 UTC 2012


On 24/07/12 12:05, Brian J. Murrell wrote:

>
> Is this just broken NS software or are they (Nintendo, FWIW) doing

Looks broken to me.

I note that IP doesn't have a reverse. This suggests to me it's not any 
kind of nameserver, but rather part of their general pool - perhaps a 
random desktop.

However, this page:

http://vega.sra-tohoku.co.jp/~kabe/misc/dnsprober.html

...suggests it is part of some kind of probing/exploration 
infrastructure, although the page author seems a bit, erm... how to put 
this?... intense, about unexpected DNS traffic ;o)

> something interesting, like giving everyone an opportunity to provide
> an rdns for their own IP address without everyone having to make
> classless in-addr.arpa delegation arrangements with their ISP (which
> mine refused to do)?

Change ISP?

>
> It's kind of a neat concept if it's not just an accident of broken NS
> software.

I don't think that's what is going on. But even if it were, I think that 
would be a bad idea, personally. DNS is well-specified in the RFCs. 
Violating those to work around lazy ISPs is not a good solution.

>
> Has anyone else seen anything like this before?  Is there some
> (proposed even) standard for doing this that I'm not aware of?

We see all kinds of weird nonsense come into our DNS servers. We see 
LOTS AND LOTS of these two zones, continually:

75.97.111.76#27300: view main: query (cache) 
'mx241.emailfiltering.com/A/IN' denied

41.218.219.221#26895: view main: query (cache) 
'service17.mimecast.com/A/IN' denied


But we also see a trickle of other crap that is nothing to do with us, 
for example:

190.26.0.2#16074: view main: query (cache) 'ns1.webservices.net/A/IN' denied

59.90.143.134#48824: view main: query (cache) 'a20.g.akamai.net/A/IN' denied


I've never established why this happens, whether it's some kind of 
attempt at cache poisoning from botnets or just broken software. But 
frankly I don't care - I just ignore it.



More information about the bind-users mailing list